A general storage theorem for integers in call-by-name λ -calculus

A general storage theorem for integers in call-by-name λ -calculus

Jean-Louis Krivine

Equipe de Logique math´ematique, Universit´e Paris VII, C.N.R.S.

2 Place Jussieu 75251 Paris cedex 05 e-mail krivine@logique.jussieu.fr

November 28, 1993

Abstract. The notion ofstorage operator introduced in [5, 6] appears to be an important tool in the study of data types in second order λ-calculus. These operators areλ-terms which simulate call-by-value in the call-by-name strategy, and they can be used in order to modelize assignment instructions. The main result about storage operators is that there is a very simple second order type for them, using G¨odel’s “not-not translation” of classical into intuitionistic logic.

We give here a new and simpler proof of a strengthened version of this theorem, which contains all previous results in intuitionistic and in classical logic ([6, 7]), and gives rise to new “storage theorems”.

Moreover, this result has a simple and intuitive meaning, in terms of realizability.

Introduction

This paper deals with the “call-by-name”λ-calculus (cf. [14]), i.e. λ-calculus in which the strategy of reduction is the “weak head reduction”, which consists in reducing only the head redex, until the λ-term begins by a λ. Thus, the rule for “call-by-name”

reduction is:

(λx u)tt1. . . tk ;u[t/x]t1. . . tk.

We consider a second order type assignment system for this λ-calculus, in which types are formulas of second order predicate logic. Such a type system has already been used in [9, 4, 8]. It allows to getλ-terms from proofs in second orderintuitionisticlogic, by means of the well known Curry-Howard isomorphism.

The notion of storage operator defined in [5, 6] appears as an important tool in the study of this second order call-by-nameλ-calculus. They are closed λ-terms which allow, for a given data type (the type of integers, for example), to simulate call-by-value in the call-by-name strategy. In [6] was proved a “storage theorem” for intuitionistic logic; it asserts that the formula∀x[¬Int(x)→ ¬Int^∗(x)] (whereInt(x) is the definition of integers in second order logic, and ^∗ stands for G¨odel’s translation; cf. Definitions

& Notations below) is a specification for storage operators on integers in second order intuitionistic logic. This theorem can be generalized to other data types (cf. [10, 11]).

In [7], this storage theorem was extended to the case of second order classical logic (the idea of using storage operators in classical logic is due to M. Parigot [13] who found that they can decode integers obtained from classical proofs).

Our method in order to obtain λ-terms from proofs in second order classical logic is very simple: we only add a new λ-constant, denoted by c, with the declaration c : ∀X(¬¬X → X). In this way, classical proofs, considered as intuitionistic proofs with the axiom ∀X(¬¬X → X), give λ-terms with the constant c inside. Now, for such λ-terms, we extend the weak head reduction strategy with the following rule of reduction:

ctt1. . . tn ;(t)λx xt1. . . tn.

This is a particular case of a rule given by Felleisen [1] for control operators. Indeed, this new instruction c allows to introduce in λ-terms, mechanisms of “escape” which are much used in real programming languages, particularly in order to handle errors.

Examples of such instructions areCall/cc in SCHEME, andsetjmp, longjmp in the C language.

The idea of using classical logic in order to give types to “escape” instructions is due to T. Griffin[3].

In the present paper, we prove a general semantic property (theorem 2) for any λ- term T with type ∀x[¬Int(x)→ ¬Int^∗(x)]. This “storage property” can be expressed intuitively as follows:

T turns any program φ which can only accept as input an integer which is already computed, into a program T φ which accepts an integer in any form (and gives the same result as φ).

This property appears to be a good mathematical modelization of the simulation of call-by-value inside the call-by-name strategy. Indeed, the termT can only do this job by first computing the integer, before giving it, as an input, to the program φ.

As corollaries of this result, we get new and simpler proofs of the storage theorems for intuitionistic and classical logic, and also stronger forms of these theorems, which do not seem to be obtainable by the methods of [6, 7].

Definitions and notations

Formulas

We consider a second order language L, the logical symbols of which are ⊥, →, ∀.

There are individual (or first order) variables x, y, . . ., and predicate (or second order) variablesX, Y, . . .of each arity. There may be function symbols of any arity; in particu- lar, a constant symbol 0, and a unary function symbols (for successor). For simplicity, we shall assume there is no predicate symbol (i.e. predicate constant) except ⊥.

The terms ofL(built, in the usual way, with first order variables and function symbols) will be calledL-terms in order not to confuse them with λ-terms.

The set ofclosed L-terms (i.e. without variables) will be denoted by T.

Equality is defined: x=yis the formula∀X(Xx→Xy) where X is a unary predicate variable.

The formula ¬F is, by definition, F → ⊥. The formula ∃xF is ¬∀x¬F. We shall use the notationA, B →C for A→(B →C).

The formula Int(x) is ∀X[∀y(Xy→Xsy), X0→Xx], and reads “x is an integer”.

The G¨odel translation of a formula F of L is, by definition, the formula F^∗ obtained by replacing, inF, each atomic formula, except ⊥, with its negation. For example, the formula Int^∗(x) is ∀X[∀y(¬Xy→ ¬Xsy),¬X0→ ¬Xx].

LetE be a set of equations, i.e. formulas of the form t=u where t, u are L-terms. E is called a system of equations for integers if L contains the symbol of constant 0 and the symbol of unary function s, and, for any L-term t, and any k ∈N:

st= 0 is not an equational consequence ofE;

if st=s^k+10 is an equational consequence of E, so is t=s^k0.

Notice that ∅ is clearly a system of equations for integers.

Let E be a system of equations of L. On the set T of closed terms of L, we define an equivalence relation 'E as follows: t 'E u if and only if t = u is an equational consequence of E.

The quotient set T/'E will be denoted by TE. It is easy to check that TE is a model of E, when function symbols are interpreted in the canonical way.

Ifn∈N, theintegern ofTE is, by definition, the equivalence class of the termsⁿ0, for the equivalence relation 'E.

IfE is a set of equations for integers, then the integers ofTE are distinct. Furthermore, if t∈ TE is such that stis an integer of TE, then t itself is an integer of TE.

λ-terms

We denote by Λ the set of λ-terms, modulo α-equivalence, and by V the set of λ- variables. Ift, u ∈Λ, we denote by (t)u, or tu, or t.u, the application oft tou; and by (t)u1. . . uk, or tu1. . . uk−1uk, or t.u1. . . uk−1.uk, theλ-term (. . .((t)u1). . . uk−1)uk. A substitution is a map σ : V⁰ → Λ, where V⁰ is any subset of V. It has a canonical extension (which we shall denote also by σ) into a map σ : Λ → Λ, defined in the usual way. When V⁰ is a finite set {x1, . . . , xk} of variables, andσxi =ti, the substitu- tion σ is also denoted by [t1/x1, . . . , tk/xk]; and, for any t ∈Λ, σt is denoted then by t[t1/x1, . . . , tk/xk].

The weak head reduction(called call-by-namein [14]), is a binary relation on Λ, which will be denoted by ; it is defined as the least reflexive and transitive relation on Λ such that

(λx u)tt1. . . tk u[t/x]t1. . . tk for any k∈N, u, t, t1, . . . , tk ∈Λ.

A subset X of Λ is called saturated if t ∈ X, t⁰ t ⇒ t⁰ ∈ X. In other words, X is saturated if and only if:

u[t/x]t1. . . tk ∈ X ⇒(λx u)tt1. . . tk ∈ X for any k ∈N, u, t, t1, . . . , tk∈Λ.

IfX,Y ⊆Λ, then we define (X → Y)⊆Λ as{t∈Λ;tu∈ Y for every u∈ X }. Clearly,

(X → Y) is saturated for every saturated Y.

Models

A Λ-model Mis composed of the following data:

• A set <M of saturated subsets of Λ, called the truth values set of M, with the following properties:

i) ifX ⊂ Λ and Y ∈ <M then (X → Y)∈ <M;

ii) any intersection of elements of <M is in <M; (it follows that Λ ∈ <M: take the void intersection).

Notice that condition (i) may be replaced by:

i’) ift ∈Λ and Y ∈ <M then ({t} → Y)∈ <M.

• A fixed element of <M, denoted by |⊥|M.

A Λ-model Mis called standard orintuitionistic if<M is the set of allsaturated sub- sets of Λ.

Aformula ofLwith parameters inMis an expression of the formF[Φ1/X1, . . . ,Φk/Xk], whereF is a formula of L, Xi a predicate variable of arity ni, and Φi :T_Eⁿⁱ → <M for 1≤i≤k (the functions Φi are the parameters of the formula).

For each closed formulaF ofL, possibly with parameters, inM, we define itsvalue in the modelM, which is an element of<M, denoted by|F|M. This is done, by induction onF, in the following way:

If F is atomic, then F ≡ Φ(t1, . . . , tn) with t1, . . . , tn ∈ T, or F ≡ ⊥. In both cases,

|F|M is defined in an evident way.

IfF ≡G→H, then|F|M =|G|M→ |H|M. IfF ≡ ∀xG, then|F|M =^T{|G[t/x]|M;t∈ T }.

IfF ≡ ∀XG, X being a predicate variable of arity k, then |F|M =^T{|G[Φ/X]|M; Φ : T_E^k → <M}.

When t∈ |F|M, we say that t realizes the formula F in M (notation t k−F in M).

Typed terms

We shall consider typed terms i.e. expressions of the following form:

x1 : A1, . . . , xk : Ak `E τ : A, where A1, . . . , Ak, A are formulas of L, x1, . . . , xk are λ-variables,τ is a λ-term, and E a system of equations for integers.

The rules of construction of typed terms are as follows ([4, 8, 9]):

1. x1 :A1, . . . , xk:Ak `E xi :Ai.

2. If x1 :A1, . . . , xk :Ak, x:A`E τ :B, then x1 :A1, . . . , xk:Ak `E λx τ :A→B.

3. If x1 :A1, . . . , xk :Ak `E τ :A→B, τ<sup>0</sup> :A then x1 :A1, . . . , xk:Ak `E τ τ⁰ :B.

4. If x1 : A1, . . . , xk :Ak `E τ : ∀x A, then x1 : A1, . . . , xk :Ak `E τ : A[t/x] for every L-term t.

5. If x1 : A1, . . . , xk : Ak `E τ :A, then x1 : A1, . . . , xk :Ak `E τ : ∀x A, if x is a first order variable which does not appear in A1, . . . , Ak.

6. If x1 :A1, . . . , xk :Ak `E τ : ∀X A, then x1 :A1, . . . , xk :Ak `E τ :A[F/Xy1. . . yn]

(X is a predicate variable of arity n, F is any formula; A[F/Xy1. . . yn] is the formula obtained by replacing, in A, each atomic formula Xt1. . . tn by F[t1/y1, . . . , tn/yn]).

7. If x1 : A1, . . . , xk : Ak `E τ : A, then x1 : A1, . . . , xk : Ak `E τ : ∀X A, if X is a predicate variable which does not appear in A1, . . . , Ak.

8. Ifx1 :A1, . . . , xk :Ak `E τ :A[t/x], thenx1 :A1, . . . , xk :Ak `E τ : A[u/x], ift=u is an equational consequence of E.

These are the rules for second order intuitionistic logic.

Lemma 1 (Adequacy lemma) If x1 : A1, . . . , xk : Ak `E t : A is a typed term, where A1, . . . , Ak, A are closed formulas of L, and if M is a Λ-model, then, for every u1 ∈ |A1|M, . . . , uk ∈ |Ak|M, we have t[u1/x1, . . . , uk/xk]∈ |A|M.

The proof is postponed in an appendix. It is not really necessary for a first reading, because of the following remark.

Remark. In fact, we shall never use precisely the rules of construction of typed terms, but only the property expressed by the adequacy lemma. Therefore, in all what follows, we could indeed as well define a typed term as an expression x1 : A1, . . . , xk : Ak `E

t : A, where A, A1, . . . , Ak are closed formulas of L, such that, for every Λ-model M, if u1 ∈ |A1|M, . . . , uk ∈ |Ak|M, thent[u1/x1, . . . , uk/xk]∈ |A|M.

The R

-reduction

In the following, we shall consider a system E of equations for integers, a Λ-model N and some fixed O ∈ <N.

Ift, u ∈Λ, and i∈N, we define X(t, u, i)⊆Λ by induction on i:

X(t, u,0) ={η∈Λ;uη∈O} →O;

X(t, u, i+ 1) ={η ∈Λ;tζη∈O for each ζ ∈X(t, u, i)} →O.

We setX(t, u, a) = Λ for everya∈ TEwhich is not an integer ofTE. Clearly,X(t, u, a)∈

<N for every t, u∈Λ, a∈ TE.

Lemma 2 For every t, u ∈ Λ we have u ∈ X(t, u,0) and t ∈ |∀y[X(t, u, y) → X(t, u, sy)]|N.

LetY(u) = {η∈Λ;uη∈O}. Then, clearly, u∈(Y(u)→O) =X(t, u,0).

Let i ∈ TE; we have to show that t ∈ (X(t, u, i) → X(t, u, si)). This is clear if i is not an integer of TE, because neither is si (by the properties of E), and, therefore, X(t, u, si) = Λ.

Now, if i is an integer of TE, let Z(t, u, i) = {η;tζη ∈ O for each ζ ∈ X(t, u, i)}. Let ζ ∈X(t, u, i); we have to show thattζ ∈X(t, u, i+ 1), that isη∈Z(t, u, i)⇒tζη ∈O.

But this is clear by definition of Z(t, u, i).

Q.E.D.

It follows from this lemma that (t)ⁱu ∈ X(t, u, i), for every t, u ∈ Λ and i ∈ N;

therefore, X(t, u, a)6=∅ for anyt, u ∈Λ, a∈ TE.

LetV be the set ofλ-variables, with a given enumeration. LetW be an infinite subset ofV such thatV −W is also infinite. Let (tk, uk, vk, nk)k≥1 be a one-to-one enumeration of Λ³×N.

We define, by induction, a sequence (bk)k∈N of distinct elements of W: b0 is the first element of W; bk+1 is the first element of W, which is different from b0, . . . , bk, and which does not appear inti, ui, vi (1≤i≤k+ 1).

LetB ={bk; k ∈N}. For k≥1, we set:

φ(bk) = tk, ψ(bk) =uk, χ(bk) =vk, π(bk) =nk, ht(bk) =k.

In this way, we have defined five fonctions of domainB0 =B − {b0};ht(b) will be called the height of the variable b. For every u ∈ Λ, we define ht(u) to be the maximum of ht(b) for all free variables b of u, b ∈ B0 (ht(u) = 0 if u contains no variables in B0).

Let us notice that the map bk 7→ (tk, uk, vk, nk) is one-to-one from B0 onto Λ³ ×N;

and that the only variables ofB which appear intk, uk, vk are amongst b0, . . . , bk−1, by definition of B.

Now, let n be a fixed integer.

A substitution σ:{b0, . . . , bk} →Λ will be called n-suitableif:

σb0 ∈ |Int(n)|N and σbi ∈X(σφbi, σψbi, πbi) for 1 ≤i≤k.

A substitution σ:B →Λ will be called n-suitable if:

σb0 ∈ |Int(n)|N, and σb∈X(σφb, σψb, πb) for every b∈ B0.

Lemma 3 Every n-suitable substitution σ :{b0, . . . , bk} → Λ can be extended into an n-suitable substitution ¯σ:B →Λ.

We already know that X(t, u, i) 6= ∅, and σb0 ∈ |Int(n)|N. We define ¯σbj = σbj for 0 ≤ j ≤ k; for j > k, the definition of ¯σbj is done by induction on j, by choosing

¯

σbj ∈ X(¯σφbj,σψb¯ j, πbj). Notice that the only variables of B which appear in φbj, ψbj are taken among b0, . . . , bj−1; therefore ¯σφbj, ¯σψbj are already defined, and so is X(¯σφbj,σψb¯ j, πbj).

Q.E.D.

Lemma 4 Let σ be an n-suitable substitution onB, b ∈ B0, and ζ ∈X(σφb, σψb, πb).

Then, there is an n-suitable substitution σ⁰ on B, such that σ⁰b = ζ and σ⁰φb = σφb, σ⁰ψb=σψb, σ⁰χb=σχb.

Letk ≥1 be such thatb=bk; we first defineσ⁰ on{b0, . . . , bk}by setting σ⁰bi =σbi for 0≤i < k, and σ⁰bk =ζ. Then σ⁰ is clearly an n-suitable substitution on {b0, . . . , bk}.

By lemma 3, we extend it into an n-suitable substitution, also denoted by σ⁰, defined on the whole of B. We have σ⁰b = ζ, by construction of σ⁰. And also σ⁰φb = σφb because the only variables ofB which appear in φb are among b0, . . . , bk−1. The same apply toψb, χb.

Q.E.D.

We now define a binary relation on Λ, which we callRn-reduction, and denote by Rn. It is the least reflexive and transitive relation, such that

• (λx u)tt1. . . tk Rn u[t/x]t1. . . tk, for every k∈N and u, t, t1, . . . , tk ∈Λ;

• bwRn (ψb)w, if w∈Λ, and b∈ B0 is such that π(b) = 0;

• bwRn (φb)b⁰wifw∈Λ, andb ∈ B0 is such that 1≤π(b)≤n−1;b⁰ is the single variable in B0 such thatφ(b⁰) = φ(b), ψ(b⁰) =ψ(b), χ(b⁰) =w, π(b⁰) =π(b)−1;

• b0tuv Rn tbv, where b is the single variable in B0 such that φ(b) = t, ψ(b) = u, χ(b) =v, π(b) = n−1;t, u, v are arbitrary λ-terms.

Theorem 1 Let e∈Λ be such that σe∈O for every substitution σ on B. If E ∈Λ is such that E Rn e, then σE ∈O for every n-suitable substitution σ on B.

The proof is by induction on the length of the Rn-reduction E _Rn e. The result is clear if E = e. Let us consider now the first rule of Rn-reduction which is applied in the Rn-reduction of E:

1. E = (λx u)tt1. . . tk; by the induction hypothesis, we haveσ{u[t/x]t1. . . tk} ∈O, for every n-suitable substitution σ on B. Therefore, σE = σ{(λx u)tt1. . . tk} ∈ O, since O is saturated.

2. E = bw with b ∈ B0, π(b) = 0. By the induction hypothesis, we have σ((ψb)w) ∈ O, that is σψb.σw ∈ O, for every n-suitable substitution σ on B. But σb ∈X(σφb, σψb,0), by definition of an n-suitable substitution, since πb = 0. There- fore, (σb)η ∈ O, for every η such that (σψb)η ∈ O. If we take η = σw, we get σb.σw∈O, that is σE∈O.

3. E = bw, with b ∈ B0, π(b) = i, 1 ≤ i ≤ n −1. By the induction hypoth- esis, we have σ⁰((φb)b⁰w) ∈ O for every n-suitable substitution σ⁰ on B. Therefore, σ⁰φb.σ⁰b⁰.σ⁰w ∈ O. Moreover, we have φ(b⁰) = φ(b), ψ(b⁰) = ψ(b), χ(b⁰) = w and π(b⁰) =i−1.

Suppose now that σ is an n-suitable substitution on B. Let ζ be an arbitrary ele- ment of X(σφb⁰, σψb⁰, i−1). By lemma 4, there exists an n-suitable substitution σ⁰ on B such that σ⁰b⁰ = ζ, σ⁰φb⁰ = σφb⁰, σ⁰ψb⁰ = σψb⁰, σ⁰χb⁰ = σχb⁰. Since φ(b⁰) = φ(b), we have σ⁰φb = σφb. From χ(b⁰) = w, we obtain σ⁰w = σw. Therefore σ⁰φb.σ⁰b⁰.σ⁰w=σφb.ζ.σw, and it follows that σφb.ζ.σw∈O. And this is true for every ζ ∈X(σφb⁰, σψb⁰, i−1) =X(σφb, σψb, i−1) (becauseφb⁰ =φb, ψb⁰ =ψb). On the other hand, since σ is an n-suitable substitution, andπ(b) =i, we have σb∈X(σφb, σψb, i).

From the definition of X(t, u, i) for i ≥ 1, it follows that (σb)η ∈ O for every η ∈ Λ such that (σφb)ζη ∈O for every ζ ∈X(σφb, σψb, i−1). If we take η=σw, we obtain σb.σw∈O, in other words σE=σ(bw)∈O.

4. E =b0tuv; by the induction hypothesis, we have σ⁰(tbv)∈O for each n-suitable substitutionσ⁰ on B. Here, b∈ B0, π(b) =n−1, φ(b) =t, ψ(b) =u, χ(b) =v.

Now, letσbe ann-suitable substitution onB, andζan arbitrary element ofX(σt, σu, n−

1) = X(σφb, σψb, π(b)). By lemma 4, there exists an n-suitable substitution σ⁰ on B such that σ⁰b = ζ, σ⁰t = σt, σ⁰u = σu, σ⁰v = σv. Thus, σ⁰(tbv) = σ⁰t.σ⁰b.σ⁰v = σt.ζ.σv and it follows that σt.ζ.σv ∈ O; and this is true for every ζ ∈ X(σt, σu, n−

1). But, by the fact that σ is n-suitable, we have σb0 ∈ |Int(n)|N, and, therefore, σb0 ∈ |∀y[X(σt, σu, y)→ X(σt, σu, sy)], X(σt, σu,0)→ X(σt, σu, n)|N. On the other hand, by lemma 2, we know that σu ∈ X(σt, σu,0) and σt ∈ |∀y[X(σt, σu, y) → X(σt, σu, sy)]|N. It follows thatσb0.σt.σu∈X(σt, σu, n). By definition ofX(σt, σu, n), we have σb0.σt.σu.η ∈ O, for every η ∈ Λ such that (σt)ζη ∈ O for each ζ ∈ X(σt, σu, n− 1). Therefore, by taking η = σv, it follows that σb0.σt.σu.σv ∈ O, that isσE =σ(b0tuv)∈O.

Q.E.D.

A subset X ⊆Λ will be said Rn-saturated if t∈ X, t⁰ Rn t⇒t⁰ ∈ X.

Lemma 5 For every modelMsuch that|⊥|M isRn-saturated, we haveb0 ∈ |Int^∗(n)|M. Assume that t ∈ |∀y(¬Xy → ¬Xsy)|M, u∈ |¬X0|M, v ∈ |Xn|M. We have to show that b0tuv ∈ |⊥|M. Let us first show that, for every b ∈ B0 such that φb =t, ψb = u andπ(b) =i(0≤i≤n−1), we haveb ∈ |¬Xi|M; this will be done by induction on i.

If π(b) = 0, we have bw Rn uw. But, if w ∈ |X0|M, then uw ∈ |⊥|M, and therefore (since |⊥|M is Rn-saturated)bw ∈ |⊥|M. Thus b∈ |¬X0|M.

Ifπ(b) =i(1≤i≤n−1), we havebwRn tb⁰w, withb⁰ ∈ B0, φ(b⁰) =φ(b) =t, ψ(b⁰) = ψ(b) = u and π(b⁰) = i−1. By the induction hypothesis, we get b⁰ ∈ |¬X(i−1)|M, and therefore tb⁰ ∈ |¬Xi|M. Thus, if w∈ |Xi|M, we have tb⁰w ∈ |⊥|M; since |⊥|M is Rn-saturated, it follows that bw∈ |⊥|M, and finally, b ∈ |¬Xi|M.

Now b0tuvRn tbv with φ(b) =t, ψ(b) =u and π(b) =n−1. By what has just been proved, we have b ∈ |¬X(n−1)|M. Therefore tb ∈ |¬Xn|M. Since v ∈ |Xn|M, we obtaintbv ∈ |⊥|M. Therefore b0tuv∈ |⊥|M because |⊥|M is Rn-saturated.

Q.E.D.

Lemma 6 Let E be a system of equations for integers, n ∈N, T a λ-term such that

`E T : ¬Int(n) → ¬Int^∗(n), and f a variable ∈ W − B. Then there exists αn ∈ Λ, αn'β λf λx fⁿx (or, possibly, αn'β λx x if n = 1) such that T f b0 Rn f αn.

Let M be a standard model of E such that |⊥|M = {t ∈Λ; t _Rn f α for someα '_β n or α'β λx x if n = 1}. Since M is a standard model, we have, by lemma 8 below,

|Int(n)|M ⊆ {α ∈ Λ; α 'β n} if n 6= 1, and |Int(1)|M ⊆ {α ∈ Λ; α 'β 1 or α 'β

λx x}. In either case, it follows thatf ∈ |¬Int(n)|M. Since, by the adequacy lemma 1, T ∈ |¬Int(n) → ¬Int^∗(n)|M, we have T f ∈ |¬Int^∗(n)|M. But, by lemma 5, b0 ∈

|Int^∗(n)|M, because |⊥|M is Rn-saturated. Therefore T f b0 ∈ |⊥|M, and this is the desired result.

Q.E.D.

Definition. If `E T : ¬Int(n) → ¬Int^∗(n) with n ∈ N, the λ-term αn defined in lemma 6 will be called the T-value of the integer n. We define V al(T, n) ⊆ Λ as V al(T, n) = {σαn;σ substitution on B ∪ {f}}. If n ∈ T is not an integer of TE, we define V al(T, n) =∅.

Lemma 7 Let σ be a substitution on V − B. Then, there exists an extension of σ into a substitution σ⁰, defined on the whole of V, such that σ⁰b0 = b0, and, for every T, U ∈Λ, T Rn U ⇒σ⁰T Rn σ⁰U.

We define σ⁰bk by induction onk: σ⁰b0 =b0; σ⁰bk fork ≥1 is the single variableb ∈ B0

such that φb = σ⁰φbk, ψb = σ⁰ψbk, χb = σ⁰χbk, πb = πbk. Notice that the heights of φbk, ψbk, χbk are < k, so thatσ⁰φbk, σ⁰ψbk, σ⁰χbk are already defined.

Thus, we haveφσ⁰b=σ⁰φb, ψσ⁰b =σ⁰ψb, χσ⁰b =σ⁰χb and πσ⁰b=πb for every b ∈ B0. We prove thatT Rn U ⇒σ⁰T Rn σ⁰U by induction on the length of theRn-reduction T Rn U.

If T = (λx u)tt1. . . tk, one step of Rn-reduction gives the λ-term T1 = u[t/x]t1. . . tk. By the induction hypothesis, we have σ⁰T1 Rn σ⁰U, and, clearly, σ⁰T σ⁰T1. Thus σ⁰T Rn σ⁰U.

If T = bw with b ∈ B0, πb = 0, then one step of Rn-reduction gives the λ-term T1 =ψb.w. The induction hypothesis givesσ⁰T1 Rn σ⁰U. We have σ⁰T =σ⁰b.σ⁰wRn

ψσ⁰b.σ⁰w=σ⁰ψb.σ⁰w=σ⁰T1. Therefore σ⁰T Rn σ⁰U.

If T =bw with b ∈ B0 and 1 ≤ πb ≤ n−1, then we set T1 = (φb)b⁰w, where b⁰ ∈ B0

is determined by the conditions φb⁰ = φb, ψb⁰ = ψb, χb⁰ = w and πb⁰ = πb−1. The induction hypothesis gives σ⁰T1 Rn σ⁰U. But σ⁰T = σ⁰b.σ⁰w Rn φσ⁰b.b⁰⁰.σ⁰w, with b⁰⁰ ∈ B0 such that φb⁰⁰ =φσ⁰b, ψb⁰⁰ = ψσ⁰b, χb⁰⁰ = σ⁰w and πb⁰⁰ =πσ⁰b−1. It follows thatb⁰⁰=σ⁰b⁰, sinceφσ⁰b⁰ =σ⁰φb⁰ =σ⁰φb=φσ⁰b; ψσ⁰b⁰ =σ⁰ψb⁰ =σ⁰ψb=ψσ⁰b; χσ⁰b⁰ = σ⁰χb⁰ = σ⁰w; and πσ⁰b⁰ = πb⁰ = πb−1 = πσ⁰b −1. Thus, σ⁰T Rn φσ⁰b.σ⁰b⁰.σ⁰w = σ⁰φb.σ⁰b⁰.σ⁰w=σ⁰T1, and, eventually σ⁰T _Rn σ⁰U.

If T = b0tuv, one step of Rn-reduction gives the λ-term T1 = tbv. We have σ⁰T1 = σ⁰t.σ⁰b.σ⁰v. But b is the variable of B0 defined by φb =t, ψb =u, χb =v, πb=n−1;

by definition ofσ⁰, we have σ⁰b ∈ B0, φσ⁰b=σ⁰t, ψσ⁰b=σ⁰u, χσ⁰b =σ⁰v, πσ⁰b=n−1.

It follows that σ⁰T = b0σ⁰t.σ⁰u.σ⁰v Rn σ⁰T1. By the induction hypothesis, we get σ⁰T1 Rn σ⁰U, and it follows that σ⁰T Rn σ⁰U.

Q.E.D.

Storage theorems

We can now prove a general result about the behaviour ofλ-terms of type ¬Int(x)→

¬Int^∗(x).

Theorem 2 (General storage theorem)

Suppose that E is a set of equations for integers, n is a L-term, N is a Λ-model and O ∈ <N. Then

i) If `E T :¬Int(n)→ ¬Int<sup>∗</sup>(n), then T ∈ |(V al(T, n)→O)→(Int(n)→O)|N. ii) If `E T : ∀x[¬Int(x) → ¬Int^∗(x)], then T ∈ |∀x[(V al(T, x) → O) → (Int(x) → O)]|N.

Remark. The intuitive meaning of this theorem, when n is an integer of TE, is as follows: let T be a λ-term of type ∀x[¬Int(x) → ¬Int^∗(x)]; for example, T = λf λx(x)λhλg(h)g◦suc.λg g0.f, which is given by the simplest proof of∀x[¬Int(x)→

¬Int^∗(x)]; suc is a λ-term for the successor, and ◦ is the operator of composition (f◦g =λx(f)(g)x).

Then, by lemma 6, to each n ∈ N, is associated a λ-term αn 'β n, which is a kind of computed value which we called the T-value of n (for the above example, αn is sucⁿ0). Notice that, from the point of view of computation, all λ-terms σαn, for any substitution σ, are equivalent to αn; indeed, free variables in αn are dummy variables since αn isβ-equivalent to a closed term. It follows that the λ-terms we substitute for them are never computed in the call-by-name strategy.

Now, letφ be aλ-term which can only handle integers in the reduced formαn(or σαn, for any substitution σ). This means that we know the behavior of φ only on these integers; this is expressed by the fact thatφ ∈ |V al(T, n)→O|.

ThenT φ will be able to handle any “general” integer n, i.e. anyλ-term which realizes Int(n), and it will have the same behavior as φ. This is expressed by the fact thatT φ will realize Int(n)→O.

Clearly, T can only accomplish this by first computing the T-value αn of the general integer n, before giving it, as an argument, to the program φ. This is exactly the simulation of call-by-value in the head reduction (call-by-name) strategy.

Proof of theorem 2.

i) We first suppose thatn is an integer. Letφ∈ |V al(T, n)→O|N, θ∈ |Int(n)|N. We have to show thatT φθ ∈O. We first remark that the setW of variables can be chosen arbitrarily. Therefore, we can assume that no variable ofW, and thus ofB ∪ {f}, has a free occurrence inφ. By lemma 6, we have T f b0 Rn f αn. Let σ0 be the substitution [φ/f] defined on V − B, and σ0⁰ its extension defined in lemma 7. Then, by lemma 7, σ⁰0(T f b0)Rn σ0⁰(f αn), that is T φb0 Rn φ.σ0⁰αn.

Now, for any substitution σ onB, we have σ(φ.σ0⁰αn) =φ.σ⁰αn, where σ⁰ =σ◦σ0⁰ is a substitution. Thereforeσ(φ.σ0⁰αn)∈O, becauseφ∈ |V al(T, n)→O|N. By theorem 1, we deduce that σ(T φb0) ∈ O for every n-suitable substitution σ on B. We choose σ such thatσ(b0) = θ (by means of lemma 3, in which we set k= 0), and eventually, we get T φθ ∈O.

Suppose now that n is not an integer. Then V al(T, n) = ∅, so that |V al(T, n) → O|N = Λ. Thus, ifφ is any λ-term, and θ∈ |Int(n)|N, we have to show that T φθ ∈O.

Let M be the standard model such that |⊥|M = O. Since n is not an integer of TE, and M is standard, it follows, by lemma 8 below, that |Int(n)|M = ∅. Therefore φ ∈ |¬Int(n)|M. By the adequacy lemma, we have T ∈ |¬Int(n)→ ¬Int^∗(n)|M, and it follows that T φ∈ |¬Int^∗(n)|M.

We now show thatθ∈ |Int^∗(n)|M; the result will follow, since we getT φθ ∈ |⊥|M=O.

Let Ξ be an arbitrary function TE → <M. We have to prove that θ ∈ |∀y(Ξ⁰y → Ξ⁰sy),Ξ⁰0 → Ξ⁰n|M, with Ξ⁰η = (Ξη → O) for every η ∈ TE. But, since O ∈ <N, we have Ξ⁰η ∈ <N for every η ∈ TE, and the desired result follows from the fact that θ∈ |Int(n)|N =|∀X[∀y(Xy→Xsy), X0→Xn]|N.

ii) Immediate from (i), by definition of |∀x[(V al(T, x)→O)→(Int(x)→O)]|N. Q.E.D.

We obtain, as corollaries of theorem 2, the storage theorems for intuitionistic logic [6]

and for classical logic [7], and some strengthening of them (theorems 3 to 5).

Theorem 3 (storage theorem for intuitionistic logic)

If `E T :¬Int(n)→ ¬Int^∗(n), n∈N, f is a variable, and θ 'β n, then T f θ f.σαn

for some substitution σ, αn being the T-value of n.

We apply theorem 2(i), taking forN a standard model. We setO={t ∈Λ; t f.σαn

for some substitution σ}. From this definition of O, it follows that f ∈ |V al(T, n) → O|N. From theorem 2, we deduce that T f ∈ |Int(n)→ O|N. But, since θ 'β n, the following lemma shows that θ∈ |Int(n)|N, and therefore T f θ ∈O.

Q.E.D.

Lemma 8 If θ 'β λf λx fⁿx, n ∈ N, then θ ∈ |Int(n)|N, for every model N. Con- versely, if Mis a standard model and θ∈ |Int(u)|M (u∈ T), then u 'E sⁿ0 for some n∈N, and θ'β λf λx fⁿx (or, possibly, if n= 1, θ 'β λx x).

Let φ ∈ |∀y(Ξy → Ξsy)|N and α ∈ Ξ0, with Ξ : TE → <N. We have to show that θφα ∈ Ξn. Let f, a be λ-variables not in θ. Since θ 'β λf λx fⁿx, we have θf a f tn; tn f tn−1;. . .; t2 f t1; t1 a. Since the weak head reduction is compatible with substitution, we deduce that θφαφt⁰_n; t⁰_n φt⁰n−1;. . .; t⁰2 φt⁰1; t⁰1 α, where t⁰_i = ti[φ/f, α/a]. By induction on i, we show that t⁰_i+1 ∈ Ξi, for 0 ≤ i < n. This is clear for i = 0, since Ξ0 is saturated. If t⁰_i ∈ Ξ(i−1), then φt⁰_i ∈ Ξi and therefore, t⁰_i+1 ∈Ξi, because Ξi is saturated (1≤i < n). Thus t⁰_n ∈Ξ(n−1), so that φt⁰_n∈ Ξn, and θφα∈Ξn, by saturation of Ξn.

Conversely, letθ ∈ |Int(u)|M. We define Ξ :TE → <M by Ξ(v) = ∅if v 6'E s^k0 for any k ∈N; Ξ(s^k0) = {τ ∈Λ; τ 'β f^ka},f and a being variables not in θ. Then a ∈Ξ(0), and f ∈ |∀y(Ξ(y)→Ξ(sy))|M (indeed, if v ∈ T is not an integer, then Ξ(v) =∅, and thus (Ξ(v)→Ξ(sv)) = Λ).

It follows that θf a ∈Ξ(u); thus, Ξ(u)6= ∅, and u 'E sⁿ0 for some n ∈N. Therefore, θf a'β fⁿa, and it follows easily thatθ 'β λf λa fⁿa(or, possibly, ifn = 1,θ'β λf f).

Q.E.D.

In order to state the storage theorem for classical logic, we introduce a constant c in λ-calculus. We define the head c-reduction on λ-terms (notation c) as the least reflexive and transitive binary relation on Λ such that:

(λx t)uu1. . . ukct[u/x]u1. . . uk;

cuu1. . . uk _c(u)λx(x)u1. . . uk,x being a variable not in u1, . . . , uk. A subset X of Λ will be called c-saturated if t∈ X, t⁰ c t⇒t⁰ ∈ X.

The λ-constant c is declared to be of type ∀X(¬¬X → X). In this way, without changing the rules of construction of typed terms, we get typed terms in classical logic.

We write: x1 :A1, . . . , xk :Ak `<sup>c</sup><sub>E</sub> t:A instead of x1 : A1, . . . , xk : Ak,c: ∀X(¬¬X → X)`E t:A.

A Λ-model M will be called ⊥-standard or classical if |⊥|M is c-saturated, and <M

is the set of all intersections of subsets of Λ of the form |X1, . . . ,X_k → ⊥|M, with k ∈N,X1, . . . ,Xk ⊆Λ (or, what amounts to the same thing, the set of all intersections of subsets of Λ of the form|{t1}, . . . ,{tk} → ⊥|M, withk ∈N, t1, . . . , tk∈Λ).

Lemma 9 If M is a Λ-model which is ⊥-standard, then c∈ |∀X(¬¬X →X)|M. We have to prove that c∈ |¬¬X → X |M for every X ∈ <M. Let us suppose first that X =|{t1}, . . . ,{tk} → ⊥|M, with t1, . . . , tk∈Λ. Then, we remark that λx(x)t1. . . tk ∈

|¬X |M(xbeing not free int1, . . . , tk): indeed, for everyt ∈ X, we havett1. . . tk∈ |⊥|M. But |⊥|M is c-saturated, and, therefore, (λx(x)t1. . . tk)t∈ |⊥|M.

Now lett∈ |¬¬X |M; from what has just been proved, it follows that (t)λx(x)t1. . . tk ∈

|⊥|M. Since |⊥|M is c-saturated, we get ctt1. . . tk ∈ |⊥|M, that is ct ∈ X. It follows that c∈ |¬¬X → X |M.

Let now X be any element of <M. Thus we have X = ^Ti∈IXi, each Xi being of the form|{t1}, . . . ,{tk} → ⊥|M. Now, we know that c∈ |¬¬Xi → Xi|M. If t∈ |¬¬X |M, then t ∈ |¬¬Xi|M for all i ∈I, since X ⊆ Xi; therefore ct∈ Xi for each i ∈I, and it follows thatct∈ X, which is the desired result.

Q.E.D.

Theorem 4 (1st storage theorem for classical logic)

If `E T : ¬Int(n) → ¬Int<sup>∗</sup>(n), and `^c_E τ : ¬¬Int(n) (n being an integer), then (τ)(T)f c f.σαn for some substitution σ, αn being the T-value of n. Furthermore, for any λ-terms t1, . . . , tk, we have (τ)λx T f xt1. . . tk c f.σαn.t1. . . tk for some sub- stitution σ.

Corollary 1 If `^c_E θ : Int(n), then, for any k ∈ N and t1, . . . , tk ∈ Λ, we have T f θt1. . . tk cf.σαn.t1. . . tk for some substitution σ.

Indeed, if `<sup>c</sup><sub>E</sub> θ : Int(n), then `^c_E τ : ¬¬Int(n), with τ = λg gθ (g being a variable which does not appear inθ), and we only have to apply theorem 4.

Fork = 0, this gives theorem III.3 of [7].

Proof of theorem 4:

We apply theorem 2(i), taking forN a⊥-standard model ofE. We first setO =|⊥|N = {t∈Λ; tc f.σαn for some substitution σ}. From this definition ofO, it follows that f ∈ |V al(T, n) → O|N. From theorem 2, we deduce that T f ∈ |Int(n) → O|N i.e.

T f ∈ |¬Int(n)|N. But, by hypothesis, we have c: ∀X(¬¬X → X) `E τ : ¬¬Int(n), and lemma 9 gives c∈ |∀X(¬¬X → X)|N. From adequacy lemma, it follows that τ ∈ |¬¬Int(n)|N, and therefore (τ)(T)f ∈ |⊥|N =O, which is the first desired result.

Now, we set |⊥|N = {t ∈ Λ; t c f.σαn.t1. . . tk for some substitution σ}, and O = {t1}, . . . ,{tk} → |⊥|N. These definitions ensure that f ∈ |V al(T, n) → O|N. By theorem 2, we obtain T f ∈ |Int(n) → O|N. By definition of O, it follows that λx T f xt1. . . tk ∈ |¬Int(n)|N. Again from lemma 9 and adequacy lemma, we have (τ)λx T f xt1. . . tk ∈ |⊥|N, which gives the second part of the theorem.

Q.E.D.

In the following theorem, φ(x) is a term of the language L, the only free variable of which is x. Rg(φ) is its range, i.e. the set of all L-terms which are 'E φ(t), for some closed L-term t.

Theorem 5 (2nd storage theorem for classical logic)

If `E T :∀x[¬Int(x)→ ¬Int<sup>∗</sup>(x)], and`^c_E τ :∃xInt[φ(x)], (φ(x)being a L-term) then (τ)(T)f c f.σαn for some integer n ∈ Rg(φ) and some substitution σ, αn being the T-value of n. Furthermore, for any λ-terms t1, . . . , tk, we have (τ)λx T f xt1. . . tk c

f.σαn.t1. . . tk for some integer n∈Rg(φ) and some substitution σ.

The proof is almost the same, and we only prove the first part. We apply theorem 2(ii), taking for N a ⊥-standard model. We set O =|⊥|N = {t ∈ Λ; t c f.σαn for some integer n∈Rg(φ) and some substitutionσ}. From this definition ofO, it follows that f ∈ |∀x(V al[T, φ(x)]→O)|N. From theorem 2, we deduce thatT f ∈ |∀x(Int[φ(x)]→ O)|N i.e. T f ∈ |∀x¬Int[φ(x)]|N. Now, by hypothesis, we have`<sup>c</sup><sub>E</sub> τ :∃xInt[φ(x)], that is `^c_E τ : ¬∀x¬Int[φ(x)]. Again from lemma 9 and adequacy lemma, it follows that (τ)(T)f ∈ |⊥|N =O.

Q.E.D.

Remark. If we take φ(x) =x, this theorem suggests to represent the type of integers by the formula∃xInt(x). And also, by taking φ(x) = 2x, for example, it suggests that we could define the type of even integers, by the formula∃x Int(2x).

Appendix: proof of the adequacy lemma

LetM be a Λ-model. A valuation δ in Mis a map defined on the set of variables of L, and such that: δx ∈ T if x is a first order variable;δX :T_Eⁿ→ <M if X is a second order variable of arity n.

Iftis aL-term, with variablesx1, . . . , xm, we defineδt∈ T byδt=t[δx1/x1, . . . , δxm/xm].

IfAis a formula, possibly with parameters inM, with free variablesx1, . . . , xm, X1, . . . , Xn, andδis a valuation inM, thenδAis defined as the closed formulaA[δx1/x1, . . . , δxm/xm, δX1/X1, . . . , δXn/Xn] (with parameters in M).

We now prove the

Theorem 6 If x1 :A1, . . . , xk:Ak `E t :A andδ is a valuation in M, then, for every u1 ∈ |δA1|M, . . . , uk∈ |δAk|M, we have t[u1/x1, . . . , uk/xk]∈ |δA|M.

The adequacy lemma is the particular case of this theorem when A1, . . . , Ak, A are closed formulas of L.

Let x1 : A1, . . . , xk : Ak `E t : A be a typed term, δ a valuation in M, and u1 ∈ |δA1|M, . . . , uk ∈ |δAk|M. We prove that t[u1/x1, . . . , uk/xk] ∈ |δA|M by induc- tion on the length of the derivation ofx1 :A1, . . . , xk :Ak `E t:A. Let us look at the rule used in the last step:

If it is rule 1, we have t ≡xi and A≡Ai(1≤i≤k). Then the result is trivial.

If it is rule 2, we havet≡λx τ andA≡B →C; the previous step gavex1 :A1, . . . , xk : Ak, x:B `E τ :C. By the induction hypothesis, if u∈ |δB|M, we have:

τ[u1/x1, . . . , uk/xk, u/x]∈ |δC|M. Since |δC|M is a saturated set, we get:

(λx τ[u1/x1, . . . , uk/xk])u ∈ |δC|M, i.e. t[u1/x1, . . . , uk/xk]u ∈ |δC|M. Since this is

true for every u∈ |δB|M, we get t[u1/x1, . . . , uk/xk]∈ |δB→δC|M=|δA|M.

If it is rule 3, we have t = vw and previous steps gave x1 : A1, . . . , xk : Ak `E v : B → A and x1 : A1, . . . , xk : Ak `E w : B. By the induction hypothesis, we have v[u1/x1, . . . , uk/xk] ∈ |δB → δA|M and w[u1/x1, . . . , uk/xk] ∈ |δB|M. Therefore, (vw)[u1/x1, . . . , uk/xk]∈ |δA|M, i.e. t[u1/x1, . . . , uk/xk]∈ |δA|M.

If it is rule 4, we have A ≡ B[v/x], v being a L-term. The previous step gave x1 : A1, . . . , xk :Ak `E t:∀xB. By the induction hypothesis, we havet[u1/x1, . . . , uk/xk]∈

|δ(∀xB)|M. But δ(B[v/x]) =δB[δv/x], and therefore |δ(∀xB)|M ⊂ |δ(B[v/x])|M. It follows thatt[u1/x1, . . . , uk/xk]∈ |δ(B[v/x])|M =|δA|M.

If it is rule 5, we haveA≡ ∀xB, and the previous step gavex1 :A1, . . . , xk:Ak `E t :B, x not being free in A1, . . . , Ak. Let v ∈ T, and δ⁰ be the valuation identical with δ, except on x, and such that δ⁰x = v. Since x is not free in A1, . . . , Ak, we have δAi =δ⁰Ai, and therefore ui ∈ |δ⁰Ai|M. By the induction hypothesis applied with δ⁰, we get t[u1/x1, . . . , uk/xk]∈ |δ⁰B|M =|δ(B[v/x])|M. Since this is true for each v ∈ T, we obtain t[u1/x1, . . . , uk/xk]∈^Tv∈T |δ(B[v/x])|M =|δ(∀xB)|M =|δA|M.

If it is rule 6, we have A≡B[F/Xy1. . . yn], and the previous derivation step gave x1 : A1, . . . , xk :Ak `E t:∀XB. By the induction hypothesis, we havet[u1/x1, . . . , uk/xk]∈

|(∀XB)|M=^T{δ(B[Φ/X]); Φ :T_Eⁿ→ <M}.

By the following lemma, we have |δ(B[F/Xy1. . . yn])|M = |δ(B[Φ0/X])|M for some Φ0 :T_Eⁿ→ <M. It follows that |δ(∀XB)|M⊂ |δ(B[F/Xy1. . . yn])|M =|δA|M. Thus t[u1/x1, . . . , uk/xk]∈ |δA|M.

If it is rule 7, we haveA≡ ∀XB, and the previous derivation step gavex1 :A1, . . . , xk : Ak `E t:B, Xnot being free in A1, . . . , Ak. Let Φ : T_Eⁿ → <M,n being the arity ofX, and letδ⁰ be the valuation identical withδ, except onX, and such thatδ⁰X = Φ. Since X is not free in A1, . . . , Ak, we have |δA_i|M = |δ⁰Ai|M, and therefore ui ∈ |δ⁰Ai|M. By the induction hypothesis, we get t[u1/x1, . . . , uk/xk] ∈ |δ⁰B|M = |δ(B[Φ/X])|M. Since this is true for every Φ, we gett[u1/x1, . . . , uk/xk]∈^T{|δ(B[Φ/X])|M; Φ :T_Eⁿ →

<M}=|δ(∀XB)|=|δA|M.

If it is rule 8, we have A ≡ B[v/x], and the previous derivation step gave x1 : A1, . . . , xk :Ak `E t:B[u/x], u and v being L-terms such that E `u=v.

By the induction hypothesis, we have t[u1/x1, . . . , uk/xk] ∈ |B[u/x]|M. But u 'E v, and therefore |B[u/x]|M =|B[v/x]|M=|A|M. Hence the result.

Q.E.D.

Lemma 10 Let B and F be formulas of L, possibly with parameters in M, and δ a valuation inM. Then|δ(B[F/Xy1. . . yn])|M =|δ(B[Φ0/X])|M, where Φ0 :T_Eⁿ→ <M

is defined by Φ0(t1, . . . , tn) =|δ(F[t1/y1, . . . , tn/yn])|M for every t1, . . . , tn ∈ TE. The proof is by induction on the formula B. If B is atomic, the only non-trivial case is B ≡ Xv1. . . vn, v1, . . . , vn being L-terms. Then |δ(B[F/Xy1. . . yn])|M =

|δ(F[v1/y1, . . . , vn/yn])|M=|δ(F[δv1/x1, . . . , δvn/yn])|M = Φ0(δv1, . . . , δvn) =δ(Φ0(v1, . . . , vn)).

IfB ≡B⁰ →B⁰⁰, the result follows immediately from the induction hypothesis.

If B ≡ ∀xB⁰, we may assume that the first order variable x does not appear in F. Then |δ(B[F/Xy1. . . yn])|M=^Tt∈T |δ(B⁰[F/Xy1. . . yn][t/x])|M =

T

t∈T |δ(B⁰[t/x][F/Xy1. . . yn])|M = ^Tt∈T |δ(B⁰[t/x][Φ0/X])|M (by the induction hy- pothesis) =^Tt∈T |δ(B⁰[Φ0/X][t/x])|M =|δ(∀x B⁰[Φ0/X])|M=|δ(B[Φ0/X])|M.

If B ≡ ∀Y B⁰, Y being a second order variable of arity p, (we may assume it does not appear in F) then:

|δ(B[F/Xy1. . . yn])|M=^T{|δ(B⁰[F/Xy1. . . yn][Ψ/Y])|M; Ψ :T_E^p → <M}

=^T{|δ(B⁰[Ψ/Y][F/Xy1. . . yn])|M; Ψ :T_E^p → <M}

=^T{|δ(B⁰[Ψ/Y][Φ0/X])|M; Ψ :T_E^p → <M} (by the induction hypothesis)

=^T{|δ(B⁰[Φ0/X][Ψ/Y])|M; Ψ :T_E^p → <M}=|δ(∀X B⁰[Φ0/X])|M=|δ(B[Φ0/X])|M. Q.E.D.

References

[1] M. Felleisen. The Calculi of λv-CS conversion: a syntactic theory of control and state in imperative higher order programming. Ph. D. dissertation, Indiana Uni- versity, 1987.

[2] J.Y. Girard. Une extension de l’interpr´etation de G¨odel `a l’analyse. In: Proc. 2nd Scand. Logic Symp. p. 63-92. North Holland Pub. Co. (1971).

[3] T. Griffin. A formulae-as-type notion of control. In Conference Record of the 17th A.C.M. Symposium on principles of Programming Languages (1990).

[4] J.L. Krivine. Lambda-calcul, types et mod`eles. Masson ed., Paris (1990). English translation: Lambda-calculus, types and models. Ellis Horwood ed. (1993).

[5] J.-L. Krivine. Lambda-calcul, ´evaluation paresseuse et mise en m´emoire. Theoret- ical Informatics and Applications. Vol. 25,1 p. 67-84 (1991).

[6] J.-L. Krivine. Op´erateurs de mise en m´emoire et traduction de G¨odel. Arch. Math.

Logic 30, p. 241-267 (1990).

[7] J.-L. Krivine. Classical logic, storage operators and second orderλ-calculus. Pr´epu- blications de l’Equipe de Logique Math´ematique, Universit´e Paris VII (1992). To appear in Ann. Pure & App. Logic (1994).

[8] J.L. Krivine, M. Parigot. Programming with proofs. J. Inf. Process. Cybern. EIK 26,3 p. 149-167 (1990).

[9] D. Leivant. Reasoning about functional programs and complexity classes associ- ated with type disciplines. 24th Annual Symp. on Found. of Comp. Sc. p. 460-469 (1983).

[10] K. Nour. Op´erateurs de mise en m´emoire en λ-calcul pur et typ´e. Ph. D. Thesis, Universit´e de Savoie (1993).

[11] K. Nour. Preuve syntaxique d’un th´eor`eme de J.L. Krivine sur les op´erateurs de mise en m´emoire. Comptes Rendus Acad. Sc. Paris (to appear).

[12] M. Parigot. Free deduction: an analysis of computations in classical logic. Proc.

of Log. Prog. and Automatic Reasoning. St Petersbourg. L.N.C.S. 592 p. 361-380 (1991).

[13] M. Parigot. λµ-calculus: an algorithmic interpretation of classical natural deduc- tion. Proc. of Log. Prog. and Automatic Reasoning. St Petersbourg. L.N.C.S. 624 p. 190-201 (1992).

[14] G. Plotkin. Call-by-name, call-by-value, and the λ-calculus. Th. Comp. Sc. 1, p.

125-159 (1975).